Ok guys, I got a real life scenario here and I need your help.
At work we have a Windows 2000 domain. There is one domain controller, one member server and client computers. All computers are on the same subnet. We have a hardware firewall (FortiGate). The member server is configured for dial-up remote access. A modem is directly connected to this member server and one local user on this server is configured to connect to this server.
Now we want to configure this member server as a VPN server so the user can access it through VPN. The user needs full permissions (administrator) on this member server but should not be able to access any other computer on the network.
As far as the VPN server configuration goes, it is already configured for VPN connection and with two IP addresses to assign to the VPN client and the VPN server itself.
What I don't know is how to configure the user account (local user or Active Directory user) so it has full permissions on this member server but no permission on any other computer. Second, we also need to configure the firewall to forward VPN. Believe me, this firewall has a lot of things to configure about VPN. It has the following options for VPN authentication:
1. Create new user account and password on firewall itself
2. Forward authentication to RADIUS server
3. Forward authentication to LDAP server
I am not sure what to do. It also asks for the IP address range to assign to VPN clients when we enable VPN. That's OK, I can give it a range of IP addresses here, but then what about the range that we configure on the VPN server? I really don't know who is gonna authenticate and assign an IP to the VPN client.
Please help me with this scenario. I have the documentation (pdf file) for firewall if you guys need to look at VPN configuration. I can send it to you.
Thanks a lot guys